[jboss-jira] [JBoss JIRA] (WFLY-6823) Doesn't work using non-ASCII chars for username and/or password for BASIC authentication.
Jan Kalina (JIRA)
issues at jboss.org
Thu Oct 19 09:02:00 EDT 2017
[ https://issues.jboss.org/browse/WFLY-6823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13479331#comment-13479331 ]
Jan Kalina commented on WFLY-6823:
----------------------------------
The problem is, Firefox encodes only the least significant byte of the character when converting to ISO-8859-1 - we are unable to convert back to the Unicode character as the information from the previous bytes of the character is missing - we would have to store passwords in hash trimmed too, or we would have to store them plain, which is not acceptable for production usage. This is not a problem of charset - the information is already missing in the Firefox response. -> dev nacked
> Doesn't work using non-ASCII chars for username and/or password for BASIC authentication.
> -----------------------------------------------------------------------------------------
>
> Key: WFLY-6823
> URL: https://issues.jboss.org/browse/WFLY-6823
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Jan Kalina
>
> Doesn't work using non-ASCII chars for username and/or password for BASIC authentication.
> We noticed it when we looked at Jira issue https://issues.jboss.org/browse/JBEAP-3603.
> JBoss EAP 7 expects encoded UTF-8 strings in code. But we didn't find any information about it in the specification.
> It works with Chrome and Opera, but it doesn't work with Firefox.
> Since there is no documentation for this username/password limitation it can affect customers who want to use non-ASCII credentials.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
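The information loss described in the comment above, as an added example that is not part of the original message and is not WildFly or Firefox code. `low_byte` models the truncation as the comment describes it; all function names are hypothetical and the credentials are constructed sample values.

```python
import base64

def utf8(s: str) -> bytes:
    # Encoding the issue says works (Chrome, Opera).
    return s.encode("utf-8")

def low_byte(s: str) -> bytes:
    # Model of the behaviour described in the comment (assumption):
    # only the least significant byte of each character is kept.
    return bytes(ord(c) & 0xFF for c in s)

def basic_header(user: str, password: str, encode) -> str:
    """Build a Basic Authorization header value with the given encoder."""
    raw = encode(f"{user}:{password}")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def server_decode(header: str, charset: str = "utf-8"):
    """Return (user, password), or None if the header cannot be decoded."""
    scheme, _, b64 = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        text = base64.b64decode(b64, validate=True).decode(charset)
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    user, sep, password = text.partition(":")
    return (user, password) if sep else None

def collides(p1: str, p2: str) -> bool:
    """True when two different passwords produce identical truncated bytes."""
    return p1 != p2 and low_byte(p1) == low_byte(p2)

if __name__ == "__main__":
    user, pw = "hynek", "heslo-\u0161"   # constructed sample; U+0161 is 's' with caron
    # UTF-8 client: the server recovers the original password.
    print(server_decode(basic_header(user, pw, utf8)))
    # Truncating client: U+0161 becomes 0x61 ('a'); the high byte is gone.
    print(server_decode(basic_header(user, pw, low_byte)))
    # Two distinct passwords are indistinguishable on the wire.
    print(collides(pw, "heslo-a"))
    # A character inside ISO-8859-1 (U+00E9) survives, but only if the
    # server decodes as ISO-8859-1; as UTF-8 the byte 0xE9 is invalid.
    h = basic_header(user, "caf\u00e9", low_byte)
    print(server_decode(h), server_decode(h, "iso-8859-1"))
```

No server-side charset setting can undo the second case: the truncated header is byte-for-byte identical to one carrying the password `heslo-a`.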